ipsec: move the IPSec SA pool out of ipsec_main

[vpp.git] / src / plugins / dpdk / ipsec / ipsec.c

diff --git a/src/plugins/dpdk/ipsec/ipsec.c b/src/plugins/dpdk/ipsec/ipsec.c
index ad638db..e260ba7 100644 (file)
--- a/src/plugins/dpdk/ipsec/ipsec.c
+++ b/src/plugins/dpdk/ipsec/ipsec.c
@@ -17,6 +17,7 @@
 #include <vnet/api_errno.h>
 #include <vnet/ipsec/ipsec.h>
 #include <vlib/node_funcs.h>
+#include <vlib/log.h>
 
 #include <dpdk/device/dpdk.h>
 #include <dpdk/buffer.h>
@@ -324,7 +325,6 @@ create_sym_session (struct rte_cryptodev_sym_session **session,
                    crypto_worker_main_t * cwm, u8 is_outbound)
 {
   dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
-  ipsec_main_t *im = &ipsec_main;
   crypto_data_t *data;
   ipsec_sa_t *sa;
   struct rte_crypto_sym_xform cipher_xform = { 0 };
@@ -333,8 +333,7 @@ create_sym_session (struct rte_cryptodev_sym_session **session,
   struct rte_cryptodev_sym_session **s;
   clib_error_t *error = 0;
 
-
-  sa = pool_elt_at_index (im->sad, sa_idx);
+  sa = ipsec_sa_get (sa_idx);
 
   if ((sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_128) |
       (sa->crypto_alg == IPSEC_CRYPTO_ALG_AES_GCM_192) |
@@ -1009,9 +1008,8 @@ dpdk_ipsec_enable_disable (int is_enable)
   return 0;
 }
 
-static uword
-dpdk_ipsec_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
-                   vlib_frame_t * f)
+static clib_error_t *
+dpdk_ipsec_main_init (vlib_main_t * vm)
 {
   ipsec_main_t *im = &ipsec_main;
   dpdk_crypto_main_t *dcm = &dpdk_crypto_main;
@@ -1029,7 +1027,8 @@ dpdk_ipsec_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
 
   if (!(dcm->enabled))
     {
-      clib_warning ("not enough DPDK crypto resources, default to OpenSSL");
+      vlib_log_warn (dpdk_main.log_default,
+                    "not enough DPDK crypto resources");
       crypto_disable ();
       return 0;
     }
@@ -1062,19 +1061,12 @@ dpdk_ipsec_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
       return 0;
     }
 
-
-  u32 idx = ipsec_register_esp_backend (vm, im, "dpdk backend",
-                                       "dpdk-esp4-encrypt",
-                                       "dpdk-esp4-encrypt-tun",
-                                       "dpdk-esp4-decrypt",
-                                       "dpdk-esp4-decrypt",
-                                       "dpdk-esp6-encrypt",
-                                       "dpdk-esp6-encrypt-tun",
-                                       "dpdk-esp6-decrypt",
-                                       "dpdk-esp6-decrypt",
-                                       dpdk_ipsec_check_support,
-                                       add_del_sa_session,
-                                       dpdk_ipsec_enable_disable);
+  u32 idx = ipsec_register_esp_backend (
+    vm, im, "dpdk backend", "dpdk-esp4-encrypt", "dpdk-esp4-encrypt-tun",
+    "dpdk-esp4-decrypt", "dpdk-esp4-decrypt", "dpdk-esp6-encrypt",
+    "dpdk-esp6-encrypt-tun", "dpdk-esp6-decrypt", "dpdk-esp6-decrypt",
+    "error-drop", dpdk_ipsec_check_support, add_del_sa_session,
+    dpdk_ipsec_enable_disable);
   int rv;
   if (im->esp_current_backend == ~0)
     {
@@ -1084,14 +1076,7 @@ dpdk_ipsec_process (vlib_main_t * vm, vlib_node_runtime_t * rt,
   return 0;
 }
 
-/* *INDENT-OFF* */
-VLIB_REGISTER_NODE (dpdk_ipsec_process_node,static) = {
-    .function = dpdk_ipsec_process,
-    .type = VLIB_NODE_TYPE_PROCESS,
-    .name = "dpdk-ipsec-process",
-    .process_log2_n_stack_bytes = 17,
-};
-/* *INDENT-ON* */
+VLIB_MAIN_LOOP_ENTER_FUNCTION (dpdk_ipsec_main_init);
 
 /*
  * fd.io coding-style-patch-verification: ON